We're seeking an experienced and solutions-oriented Senior Security & GRC Program Manager to join our growing Privacy & Compliance team under the Legal Department.About MediavineMediavine is a fast-growing advertising management company representing over 10,000 websites in the food, lifestyle, DIY, and entertainment space. Founded by content creators, for content creators, Mediavine is a Top 20 Comscore property, exclusively reaching over 125 million monthly unique visitors. With best-in-class technology and a commitment to traffic quality and brand safety, we ensure optimal performance for our creators.Mission & CultureWe are striving to build an inclusive and diverse team of highly talented individuals that reflect the industries we serve and the world we live in. The unique experiences and perspectives of our team members is encouraged and valued. If you are talented, driven, enjoy the pace of a start-up like environment, let's talk!Position Title & Overview:As a Senior Security & GRC Program Manager, you'll play a key role in shaping and leading our security strategy, governance, risk management, and compliance (GRC) initiatives. You will collaborate across teams to ensure the effective implementation of security and compliance requirements, driving continuous improvement while ensuring the organization's security posture supports its growth objectives. This role requires an individual who can balance security needs with business priorities and bring hands-on expertise in building and scaling security programs.In this position, you will report to the Director of Privacy & Compliance and work closely with leadership and cross-functional teams to build a robust security and GRC framework. This is an individual contributor role that requires proactive leadership and a practical approach to managing security projects, compliance audits, and continuous improvement initiatives across the organization.Essential Responsibilities:
Develop and implement a comprehensive security strategy that aligns with the company's business goals and risk profile. Drive the end-to-end execution of security programs and initiatives, including technical and operational tasks, from inception to completion. Identify, assess, and mitigate security risks while providing practical, actionable solutions that balance security with business needs. Lead incident response efforts, ensuring timely action and effective communication during security incidents. Take a hands-on approach to managing security tools and platforms, performing security audits, and ensuring compliance deliverables are met. Conduct periodic security reviews and assessments as part of the third-party risk management program. Stay informed on emerging security threats and innovations, integrating new technologies and strategies to enhance our security posture. Lead the development and delivery of security awareness and training programs across the organization. Own and refine our Governance, Risk, and Compliance (GRC) framework, ensuring alignment with industry standards such as NIST CSF, SOC 2, GDPR, CCPA, and other relevant frameworks. Monitor evolving regulatory requirements and ensure compliance across departments without disrupting business operations. Collaborate with cross-functional teams to embed compliance processes into day-to-day operations and ensure security best practices are followed. Build and implement risk management strategies that support informed decision-making at all levels of the business. Manage multiple GRC-related projects from planning through execution, ensuring appropriate resource allocation and successful delivery of outcomes. Serve as the subject matter expert for all security and risk-related decisions, providing guidance to teams across the organization. Required travel on an as needed basis, for our annual All Hands Retreat, Team Retreats/Meetings and/or industry events/conferences (approx. 15%).Location: - Applicants must be based in the United States.You Have:
- Degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience).
- 7+ years of experience in security and GRC roles, with at least 5 years of hands-on experience building and managing security and compliance programs in high-growth environments.
- Strong understanding of security principles, frameworks, and best practices.
- Proven ability to balance security requirements with business objectives.
- Hands-on experience with the NIST Cybersecurity Framework (CSF).
- Deep knowledge of GRC frameworks and regulations such as NIST CSF, SOC 2, GDPR, and CCPA.
- A solid track record of implementing risk management practices that proactively mitigate security risks and support business objectives.
- Demonstrated ability to take a hands-on approach in managing security tools, conducting audits, drafting policies, and executing compliance programs.
- Industry certifications such as CISSP, CISM, or CISA, preferred.
- Familiarity with the Ad Tech industry and its unique security and compliance challenges.
- Experience with security tools like JAMF Protect, Astra, or KnowBe4.
- Knowledge of additional security frameworks or industry standards.
- Strong written and verbal communication skills, with the ability to translate complex security and compliance concepts into understandable language for non-technical stakeholders.
- Ability to work across multiple teams and levels of the organization, influencing and driving alignment on security and compliance objectives.
- Experience with tools such as AWS, Google Workspace, Slack, and security platforms.
- Required travel on an as needed basis, for our annual All Hands Retreat, Team Retreats/Meetings and/or industry events/conferences (approx. 15%).
- 100% remote.
- Comprehensive benefits including Health, Dental, Vision and 401k match.
- Generous paid time off.
- Wellness and Home Office Perks.
- Up to 12 weeks of paid Parental Leave.
- Inclusive Family Forming Benefits.
- Professional development opportunities.
- Travel opportunities for teams, our annual All Hands retreat as well as industry event.Mediavine provides equal employment opportunities to applicants and employees. All aspects of employment will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.We strongly encourage minorities and individuals from underrepresented groups in technology to apply for this position.At Mediavine, base salary is one part of our competitive total compensation and benefits package and is determined using a salary range. Individual compensation varies based on job-related factors, including business needs, experience, level of responsibility and qualifications. The base salary range for this role at the time of posting is $190,000 - $215,000 USD/yr. #J-18808-Ljbffr